# Copyright 2019 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# NOTE: This file is auto generated by the elixir code generator program.
# Do not edit this file manually.

defmodule GoogleApi.GKEHub.V1.Model.Authority do
  @moduledoc """
  Authority encodes how Google will recognize identities from this Membership. See the workload identity documentation for more details: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity

  ## Attributes

  *   `identityProvider` (*type:* `String.t`, *default:* `nil`) - Output only. An identity provider that reflects the `issuer` in the workload identity pool.
  *   `issuer` (*type:* `String.t`, *default:* `nil`) - Optional. A JSON Web Token (JWT) issuer URI. `issuer` must start with `https://` and be a valid URL with length <2000 characters, it must use `location` rather than `zone` for GKE clusters. If set, then Google will allow valid OIDC tokens from this issuer to authenticate within the workload_identity_pool. OIDC discovery will be performed on this URI to validate tokens from the issuer. Clearing `issuer` disables Workload Identity. `issuer` cannot be directly modified; it must be cleared (and Workload Identity disabled) before using a new issuer (and re-enabling Workload Identity).
  *   `oidcJwks` (*type:* `String.t`, *default:* `nil`) - Optional. OIDC verification keys for this Membership in JWKS format (RFC 7517). When this field is set, OIDC discovery will NOT be performed on `issuer`, and instead OIDC tokens will be validated using this field.
  *   `workloadIdentityPool` (*type:* `String.t`, *default:* `nil`) - Output only. The name of the workload identity pool in which `issuer` will be recognized. There is a single Workload Identity Pool per Hub that is shared between all Memberships that belong to that Hub. For a Hub hosted in {PROJECT_ID}, the workload pool format is `{PROJECT_ID}.hub.id.goog`, although this is subject to change in newer versions of this API.
  """

  use GoogleApi.Gax.ModelBase

  @type t :: %__MODULE__{
          :identityProvider => String.t() | nil,
          :issuer => String.t() | nil,
          :oidcJwks => String.t() | nil,
          :workloadIdentityPool => String.t() | nil
        }

  field(:identityProvider)
  field(:issuer)
  field(:oidcJwks)
  field(:workloadIdentityPool)
end

defimpl Poison.Decoder, for: GoogleApi.GKEHub.V1.Model.Authority do
  def decode(value, options) do
    GoogleApi.GKEHub.V1.Model.Authority.decode(value, options)
  end
end

defimpl Poison.Encoder, for: GoogleApi.GKEHub.V1.Model.Authority do
  def encode(value, options) do
    GoogleApi.Gax.ModelBase.encode(value, options)
  end
end
